DETAILED ACTION

Response to Amendment 

1. In response to communications filed on 10/01/2007, the Examiner acknowledges
the amendments made to the claims and has both considered and applied them to the
claims.

Response to Remarks/Arguments 

2. Applicant's communication of 10/07/2007 regarding the arguments of the claim
rejections of 06/01/2007 have been fully considered but they are not persuasive.

In response to the several variations of the Applicant's argument (regarding claims
1 and 6-8) that Grantges does not teach or suggest using a nonsecure stateless
first protocol for inserting the certificate unmodified into a cookie header of a request
and then transmitting said unmodified certificate within a cookie header using said
first protocol, the Examiner cites 3:21-29 of Grantges which recites, "[an] identifier
[comprising] a character string associate with the application to which the user of the
remote client computer is provided access [and a] gateway ... configured to create a
cookie containing the identifier wherein subsequent requests made by the client
computer also include the cookie containing the identifier." The reference clearly
discloses the claimed and argued limitation of inserting a certificate unmodified into a
cookie header.

3. In response to the Applicant's argument that neither Devine nor Grantges teaches
or suggests transmitting the request, including the cookie header containing the
certificate, from the security module to the server machine using the first [non-secure]
protocol, the Examiner respectfully disagrees citing 2:36-38, which recites, "another
known gateway for providing access to a private network over an insecure network
involves a two-level client-side digital certificate authentication mechanism." The
Examiner understands this disclosure to read upon the claimed and argued limitation,
thus the rejection is maintained.

Specification 

4. The disclosure is objected to because of the following informalities: There is no
support in the disclosure for the claimed apparatus of claims 6 and 15-17 and the
claimed media of claims 8-11.

Appropriate correction is required. 

Claim Rejections - 35 USC § 101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 6 and 15-17 are rejected under 35 U.S.C. 101 because the claimed
invention is directed to non-statutory subject matter. The apparatus of the claim is not 
supported by the Specification as the machine described therein is directed towards 
computer software and not a physical device or piece of hardware. 

Claim Rejections - 35 USC § 103

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Devine et al. (US Patent Publication No. 2005/0210296 A1 hereinafter Devine)
and further in view of Grantges et al. (US Patent No. 6,510,464 hereinafter
Grantges).

Regarding claims 1 and 15-17, Devine discloses a method and apparatus for
communicating to a server machine a certificate of a user which is sent by a 
client machine via a security module of a computer system, wherein a first 
protocol used between the client machine and the server machine is a stateless 
protocol, and a second protocol used between the client machine and the 
security module is a stateless protocol, said method comprising: 

transmitting the request, including said cookie header containing said 
certificate, from the security module to the server machine, wherein said 
certificate has a plurality of separators; and wherein said cookie header includes 
a plurality of cookies (0066, 0118, 0122, 0124-0126 of Devine).

Devine is silent in disclosing inserting said certificate into a cookie header of a
request in the first protocol, however Grantges does disclose this limitation (col.
2 lines 36-54 and col. 10 lines 6-31). It would have been obvious for one of
ordinary skill in the art, at the time of the invention, to combine the secure
gateway having routing feature of Grantges with the secure customer interface
for web based data management of Devine. Grantges provides motivation for this
combination in the recitation, "In a preferred embodiment, the identifier comprises
a character string associate with the application to which the user of the remote
client computer is provided access. The gateway is configured to create a cookie
containing the identifier wherein subsequent requests made by the client
computer also include the cookie containing the identifier. Through the foregoing,
the identification of the selected application is known by the gateway (col. 3 lines
21-29 of Grantges)." Therefore it would have been obvious to combine these
concepts as it is the preferred manner of providing increased security to
transmitted messages.

Regarding claim 2, Devine discloses removing from said certificate all
separators used in headers of the request prior to insertion of said certificate into
said cookie header (0131 of Devine).



Regarding claim 3, Devine discloses determining, prior to the inserting step,
whether an existing cookie header is present in the request sent by the client
machine; and creating a new cookie header if said existing cookie header is not
present in the request sent by the client machine (0124 of Devine).



Regarding claim 4, Devine is silent in disclosing adding a specific cookie into the
existing or new cookie header; and assigning a configurable default name to said
specific cookie to enable the server machine to distinguish the certificate from
cookies of the request, however Grantges does disclose this limitation (col. 2
lines 36-54 and col. 10 lines 6-31). It would have been obvious for one of
ordinary skill in the art, at the time of the invention, to combine the secure
gateway having routing feature of Grantges with the secure customer interface
for web based data management of Devine. Grantges provides motivation for this
combination in the recitation, "In a preferred embodiment, the identifier comprises
a character string associate with the application to which the user of the remote
client computer is provided access. The gateway is configured to create a cookie
containing the identifier wherein subsequent requests made by the client
computer also include the cookie containing the identifier. Through the foregoing,
the identification of the selected application is known by the gateway (col. 3 lines
21-29 of Grantges)." Therefore it would have been obvious to combine these
concepts as it is the preferred manner of providing increased security to
transmitted messages.

Regarding claim 6, Devine is silent in disclosing a security machine which
secures exchanges between a client machine and a server machine of a
computer system, wherein a first protocol used between the client machine and
server machine is a stateless protocol, and a second protocol is implemented
between the client machine and said security machine is a stateless protocol,
said security machine is comprising: an analyzer which enables the transmission
of a certificate inserted into a cookie header of an HTTP or equivalent request
wherein said cookie header includes a plurality of cookies (0130 and 0131 of
Devine).

Regarding claims 7 and 12-14, Devine discloses a client machine, a server
machine, and a security module (0066, 0118, 0122, 0124-0126 of Devine).

Devine is silent in disclosing a first protocol used between the client machine
and the server machine are configured to communicate using a first protocol,
said first protocol comprising a stateless protocol; wherein the client machine and
the security module are configured to communicate using a second protocol, said
second protocol comprising a secure stateless protocol; and wherein the security
module comprises an analyzing program which enables transmission of a
certificate sent by the client machine in a cookie header of a request in said
stateless protocol, wherein said cookie header includes a plurality of cookies,
however Grantges does disclose this limitation (col. 2 lines 36-54 and col. 10
lines 6-31). It would have been obvious for one of ordinary skill in the art, at the
time of the invention, to combine the secure gateway having routing feature of
Grantges with the secure customer interface for web based data management of
Devine. Grantges provides motivation for this combination in the recitation, "In a
preferred embodiment, the identifier comprises a character string associate with
the application to which the user of the remote client computer is provided
access. The gateway is configured to create a cookie containing the identifier
wherein subsequent requests made by the client computer also include the
cookie containing the identifier. Through the foregoing, the identification of the
selected application is known by the gateway (col. 3 lines 21-29 of Grantges)."
Therefore it would have been obvious to combine these concepts as it is the
preferred manner of providing increased security to transmitted messages.

Regarding claims 8-11, Devine discloses a computer readable storage media
upon which is embodied a sequence of programmable instructions which, when
executed by a security module of a computer system, cause the security module
to perform operations comprising: communicating to a server machine a
certificate of a user which is sent by a client machine via the security module,
wherein a first protocol used between the client machine and the server machine
is a stateless protocol, and wherein a second protocol used between the client
machine and the security module is a secure stateless protocol; inserting said
certificate into a cookie header of a request in the first protocol; and transmitting
the request, including said cookie header containing said certificate, from the
security module to the server machine; wherein said certificate has a plurality of
separators; and wherein said cookie header includes a plurality of cookies (0066,
0118, 0122, 0124-0126 of Devine).



Conclusion 

5. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to CHINWENDU C. OKORONKWO whose telephone
number is (571) 272-2662. The examiner can normally be reached on MWF 2:30 - 6:00,
TR 9:00-3:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571) 272 4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Nasser G Moazzami/ 
Supervisory Patent Examiner, Art 
Unit 2136 

/C. C. O./

Examiner, Art Unit 2136 



